Article Categories
- All Categories
-
Data Structure
-
Networking
-
RDBMS
-
Operating System
-
Java
-
MS Excel
-
iOS
-
HTML
-
CSS
-
Android
-
Python
-
C Programming
-
C++
-
C#
-
MongoDB
-
MySQL
-
Javascript
-
PHP
-
Economics & Finance
How to Install and Configure OpenSSH Server In Linux?
OpenSSH is an open-source tool that provides secure encrypted communication between different machines on a network. It is widely used in Linux-based systems as a way to securely access and manage remote servers. In this article, we will discuss how to install and configure OpenSSH server in Linux.
Step 1: Checking if OpenSSH is Installed
The first step in the installation process is to check whether OpenSSH is already installed on your Linux machine. To do this, open your terminal and type the following command
ssh -V
If OpenSSH is already installed, the command will display the version number of the software. If it is not installed, the command will display an error message.
Step 2: Installing OpenSSH Server
If OpenSSH is not installed, you can install it using your Linux distribution's package manager. The package name may vary depending on the Linux distribution you are using. Below are commands to install OpenSSH on some popular Linux distributions
Ubuntu/Debian
sudo apt update sudo apt install openssh-server
Fedora/CentOS/RHEL
sudo dnf install openssh-server # For older versions: sudo yum install openssh-server
Arch Linux
sudo pacman -S openssh
After installation, enable and start the SSH service
sudo systemctl enable sshd sudo systemctl start sshd
Step 3: Configuring OpenSSH
After installing OpenSSH, the next step is to configure it. OpenSSH's main configuration file is located at /etc/ssh/sshd_config. Before editing the configuration file, make a backup copy
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
Open the configuration file using your preferred text editor
sudo nano /etc/ssh/sshd_config
Some important configuration options are
Port Sets the port number on which OpenSSH will listen for incoming connections. The default port is 22, but changing it to a different number improves security.
PermitRootLogin Specifies whether the root user is allowed to log in via SSH. It is recommended to set this to
noand create a separate user account with administrative privileges.PasswordAuthentication Specifies whether password-based authentication is allowed. Set this to
nofor better security and use public key authentication instead.PubkeyAuthentication Specifies whether public key authentication is allowed. It is recommended to set this to
yes.
After editing the configuration file, save the changes and restart the OpenSSH server to apply the new configuration
sudo systemctl restart sshd
Step 4: Creating SSH Keys
To use public key authentication with OpenSSH, you need to generate a pair of SSH keys on your local machine. Generate the keys using the ssh-keygen command
ssh-keygen -t rsa -b 4096
This command will generate a pair of RSA keys with a key length of 4096 bits. The keys will be stored in the ~/.ssh directory. You can also use ED25519 keys for better performance
ssh-keygen -t ed25519
Step 5: Copying Public Key to Server
After generating SSH keys, you need to copy the public key to the remote server. Use the ssh-copy-id command
ssh-copy-id username@server-ip-address
Replace username and server-ip-address with your remote server's username and IP address. The command will prompt you to enter your remote server's password, then copy your public key to the remote server's authorized_keys file.
Step 6: Connecting with SSH Keys
After copying the public key to the server, you can log in to the remote server using public key authentication
ssh username@server-ip-address
If you need to specify a custom key file, use the -i option
ssh -i ~/.ssh/id_rsa username@server-ip-address
The SSH command will use your private key to authenticate the connection, and you will be logged in without entering a password.
Advanced Configuration Options
OpenSSH provides additional configuration options for enhanced security and functionality
| Option | Description | Recommended Value |
|---|---|---|
| AllowUsers | Restricts SSH access to specific users | user1 user2 |
| ClientAliveInterval | Keep-alive message interval (seconds) | 300 |
| MaxAuthTries | Maximum authentication attempts | 3 |
| X11Forwarding | Enables graphical application forwarding | yes/no |
Security Best Practices
Use strong key pairs Generate unique, strong key pairs for each user and store private keys securely.
Disable root login Set
PermitRootLogin noand use sudo for administrative tasks.Change default port Use a non-standard port to reduce automated attacks.
Enable firewall Configure firewall rules to allow SSH only from trusted IP addresses.
Keep software updated Regularly update OpenSSH to patch security vulnerabilities.
Troubleshooting
If you encounter issues while configuring OpenSSH, check the following
View SSH logs
sudo tail -f /var/log/auth.log
Check service status
sudo systemctl status sshd
Verify firewall settings
sudo ufw allow ssh sudo firewall-cmd --add-service=ssh --permanent
Conclusion
OpenSSH is an essential tool for secure remote server management in Linux environments. By following the installation and configuration steps outlined above, you can establish secure SSH connections using key-based authentication. Remember to implement security best practices such as disabling password authentication, changing default ports, and regularly updating your OpenSSH installation to maintain optimal security.
2K+ Views
